Google: Today’s Encryption May Not Survive Tomorrow’s Attacks

It is ‘deja vu’ all over again as Google prepares for a future that seems inevitable. Like the millennium bug of the late 90s, Practical Quantum Computing looks like the next big turn in this era of internet security and encryption.

269Total views

168Total shares

It is ‘deja vu’ all over again as Google prepares for a future that seems inevitable. Like the millennium bug of the late 90s, Practical Quantum Computing looks like the next big turn in this era of internet security and encryption.

Preparing for Advanced Quantum attacks

The prevailing concern is that in the near future, personal information may not be so secure as hackers could employ higher level computing procedures, otherwise known as Advanced Quantum attacks to crack current encryption techniques.

Considering the potential weakness of encryption which could make it vulnerable in the future, Google has set out to prepare for the rainy day while the sun still shines.

“The reason we’re doing this experiment is because the possibility that large quantum computers could be built in the future is not zero. We shouldn’t panic about it, but it could happen,” says Google security engineer Adam Langley.

New form of encryption for Chrome

Google revealed that it’s been rolling out a new form of encryption in its Chrome browser that’s designed to resist not just existing crypto-cracking methods, but also attacks that might take advantage of a future quantum computer that accelerates code-breaking techniques untold gajillions of times over.

For now, it’s only testing that new so-called “post-quantum” crypto in some single digit percentage of Chrome desktop installations, which will be updated so that they use the new encryption protocol when they connect to some Google services.

Google Software Engineer Matt Braithwaite points out that Google plans to discontinue the experiment after two years, and hopefully move on to an even better algorithm.

Braithwaite writes in a blog post:

"We're announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used."

Google’s experimental system

For now, Chrome’s security team will combine Ring-LWE with elliptic curve crypto rather than replace it.

That way, they say, they can at least be sure the experimental system will remain as strong as its older elliptic curve crypto alone.

They are also limiting the experiment to a small portion of Chrome users in part because the new crypto system adds about two kilobytes of data that must be sent in each direction when the browser makes a new HTTPS connection, which Google is concerned might cause data to be caught in some web filtering systems and firewalls.